9

After I make a VPN connection to my work/whatever, I currently have to go into the command prompt and manually add a route.

e.g.

ROUTE ADD 10.1.0.0 255.255.0.0 172.16.3.0 METRIC 1 or whatever the command is.

Is it possible to have this automatically happen after I successfully make a VPN connection?

Pure.Krome

4 Answers

22

If you have multiple VPNs you might run into the issue that when they connect in random order, their interface IDs change. In that case the normal ROUTE -P ADD 10.0.0.0 MASK 255.255.0.0 10.0.0.1 IF 42 does not work. The next time the VPN connects it might have a different interface number.

PowerShell has a cmdlet available that adds routes on VPN connection and removes them again when the VPN is disconnected: Add-VpnConnectionRoute. It works without having to specify the interface ID.

The basic syntax is like this:

Add-VpnConnectionRoute -ConnectionName "VPN Connection Name" -DestinationPrefix 10.0.0.0/16

After entering this command, the routes will be created/removed automatically on connection/disconnection of the VPN.

ErikvO
  • 1
    Should be the accepted answer. BTW I didn't know about that "PowerShell" before then ... I don't get why those commands aren't available in CMD. Another Microsoft silliness ... – Laurent Jul 06 '16 at 00:49
  • +1 for the PowerShell. Beats me why MS doesn't add another tab in IP settings - aside from the fact they're still building replacement control panels for the (currently) modern/mobile UI. – Mayyit Jun 11 '17 at 21:26
  • 3
    My Windows 7 does not have that command! – LatinSuD Mar 07 '19 at 11:45
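
An added example, not part of the original answer or its comments: a PowerShell script that keeps the routes stored on a VPN profile equal to an explicit list, using Add-VpnConnectionRoute and its counterpart Remove-VpnConnectionRoute. The connection name and the prefixes are placeholders, and the script assumes the profile's Routes entries expose a DestinationPrefix property.

```powershell
# Added example: reconcile the routes stored on a VPN profile with a desired list.
# The connection name and prefixes are placeholders, not values from a real setup.
$ConnectionName = 'VPN Connection Name'
$Desired        = @('10.0.0.0/16', '10.1.0.0/16')

# The cmdlet does not exist on older systems (see the Windows 7 comment above).
if (-not (Get-Command Add-VpnConnectionRoute -ErrorAction SilentlyContinue)) {
    throw 'Add-VpnConnectionRoute is not available on this system.'
}

# Reject malformed IPv4 prefixes before touching the profile.
foreach ($p in $Desired) {
    $addr, $len = $p -split '/', 2
    $ip = $null
    $ok = [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and
          $ip.AddressFamily -eq 'InterNetwork' -and
          $len -match '^\d+$' -and [int]$len -le 32
    if (-not $ok) { throw "Not a valid IPv4 prefix: $p" }
}

# Read the routes currently attached to the profile (assumed property names).
$vpn     = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
$current = @(foreach ($r in $vpn.Routes) { $r.DestinationPrefix })

# Add what is missing. Windows then applies each route on connect and removes
# it on disconnect, with no interface ID involved.
foreach ($p in @($Desired | Where-Object { $_ -notin $current })) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $p
}

# Remove routes on the profile that are no longer in the desired list.
foreach ($p in @($current | Where-Object { $_ -notin $Desired })) {
    Remove-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $p
}

# Print the resulting profile so the routed prefixes can be reviewed.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling,
        @{ n = 'Routes'; e = { ($_.Routes | ForEach-Object DestinationPrefix) -join ', ' } }
```

Running it a second time changes nothing, so the desired list can be kept in version control and re-applied whenever the set of networks reached through the VPN is reviewed.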
4

If you want to make it a 1-step process, you could create a batch file that runs rasdial to automate your VPN connection and then does a ROUTE ADD:

rem Use * in place of the password to be prompted for it
rasdial "connection name" username password
ROUTE ADD 10.1.0.0 MASK 255.255.0.0 172.16.3.0

This assumes you're connecting to a Microsoft VPN, but you could script the OpenVPN client in the same way:

openvpn c:\path\to\config-file.ovpn
ROUTE ADD 10.1.0.0 MASK 255.255.0.0 172.16.3.0
nedm
  • OpenVPN client should automatically add the appropriate routes, assuming it is configured correctly. – MDMarra Sep 05 '10 at 06:25
  • True for the route(s) assigned/pushed from the server, but there may be additional routes you want to define. – nedm Sep 05 '10 at 06:33
  • OOO! now that's interesting :) Was a typo in the ROUTE ADD line .. but besides that the .bat doesn't work cause it needs to run in privileged mode :( – Pure.Krome Sep 05 '10 at 13:14
  • Yes, 'route add' requires admin privileges, but you should be able to right-click on the command prompt taskbar icon and choose 'Run As Different User' and enter admin credentials, then run the bat file from the command line. I would place the .bat file in whichever directory that doing so leaves the command prompt in by default, so you can just type 'vpnscript.bat' or whatever after login without switching directories. Alternatively, control-shift-click should also open the command prompt in privileged/admin mode w/ UAC. – nedm Sep 05 '10 at 20:38
  • With the PowerShell tip by @ErikvO, you set it up and forget it, using the VPN connection normally without needing admin privileges. – Laurent Jul 06 '16 at 00:52
4
netsh interface ipv4 add route [destination/prefixlength] "[interface/connection name]"

I'm using that to deal with connections that have subnet overlap by adding static routes for hosts on the remote subnet - servers and the like.

Stuart Smith
  • This is exactly what I needed as I am using Windows Server 2008. The PowerShell solution did not work. – Michael Coxon May 17 '16 at 03:20
  • This worked perfectly for my Windows 7 client. Thank you. – Dude named Ben May 03 '17 at 02:05
  • It is not persistent, and it requires that the VPN is already connected, right? – LatinSuD Mar 07 '19 at 11:46
  • That's correct. The problem I had was with subnet overlap, so having persistent routes would cause problems. You only want it to take place after the connection is up. I looked at using event triggers through the task scheduler but never got it working consistently. It should be possible to create a service subscribing to SENS to do it (I think interface connection and disconnection is covered under SENS), but navigating the security context to spawn another process with admin rights is problematic due to UAC. I imagine it can be done by allowing desktop interaction and UAC prompts, I just – Stuart Smith Mar 12 '19 at 12:43
1

You could make the route persistent (I think with route -p) so you don't need to enter it each time. If you are using openVPN, the server can send a route to the client: push "route 192.168.1.0 255.255.255.0" for example. With other VPN servers I don't know but I guess they may have a similar option too.

laurent
  • so it cannot be made, client side .. and on demand? – Pure.Krome Sep 05 '10 at 03:29
  • I don't know any way to do it (with openVPN) on client side and not permanent different from nedm's answer but there will be the need to run the bat file with admin privilege. I think a persistent route is not a bad solution if you can't modify the openVPN server config. – laurent Sep 06 '10 at 01:43